Secondhand Cars Have Become Extremely Easy to Steal

Safety, Technology on June 13, 2017

The steady increase of the technology found in ‘smart cars’ has encouraged millions of people to invest in newer vehicles. But based on the hike in pricing for those vehicles, a huge number of people have decided to opt for previously-owned smart vehicles as a way to take part in the new technology without breaking the bank. While most have been absolutely thrilled with their purchase, others are facing unique risks and outcomes.

In order to use these smart cars effectively, automakers have created phone apps with an interface that is easy to access, use, and understand. While this technology is both exciting and useful, it has become a headache for second owners, and has put the safety of their vehicle greatly at risk.

Here’s the main issue: Original car owners still have access to the vehicle long after selling it.

Whether this is as the failed result of automakers rushing to figure out effective ways to meld technology and cars together in a user-friendly manner, or sloppy coding of a phone app, this raises questions and apprehension about safety and privacy as it makes second-hand cars all too easy to steal.

A recent study conducted by Charles Henderson, a cybersecurity researcher at IBM, showed that the mobile apps are designed with very poor security measures. For example, even when you factory-reset a car after it has been sold as used, the original owner will still be able to locate it, honk its horn, and even unlock its doors.

Charles Henderson presented this risk in a RSA conference in San Francisco.  He stated that even though he sold his car back to the dealership, wiped off all his personal information from services in the car, and returned the keys, he was still able to control the car through a mobile app for years.

Henderson also revealed that he tested four other major auto manufacturers, and found they all have apps that allow previous owners to access the vehicles from a mobile device. Although Henderson declined to name the manufacturers in question, he did give a reason as to why car manufacturers may be demanding apps like this—security.

Say, for example, you hand over your vehicle to a valet at a local restaurant. They could reset your car and lock you out of the app. Because of fears of lockouts and hacks such as these, car manufacturers only allow the original dealer to disconnect the car’s connection from the cloud accounts of the original owner.

So, what can second car owners do about this issue? Always ask car dealerships to show you how their mobile apps work and to verify that previous owners are no longer on the app.

The fact is until automakers find a way to resolve this issue with connected cars, second-hand car buyers should take extra precautions to ensure that no previous owners have access to their vehicles. If the seller or dealership can’t confirm that, it’s best to walk away.